<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
</head>
<body>
<?php
include "connection.php";
session_start();
$user_id = $_SESSION['userid'];
$password = $_SESSION['password'];
date_default_timezone_set('prc');

$password_old = md5($_REQUEST['oldPassword']);
$password_new = md5($_REQUEST['newPassword']);
$password_new_two = md5($_REQUEST['newPasswordTwo']);

if($password_new == $password_new_two){

    if($password_old == $password){
        $table = "user";
        $sql = "update $table set password = '$password_new' where user_id = '$user_id'";
        $query = mysql_query($sql) or die ('更改密码失败！！');

    ?>

    <script type="text/javascript">
        alert("密码修改成功，点击确认返回继续操作！");
        document.location.href = "../setup.php";
    </script>
<?


    }else{

        ?>

    <script type="text/javascript">
        alert("原密码错误，请重新确认密码！");
        document.location.href = "../setup_password.php";
    </script>

    <?

    }

}else{
    ?>

    <script type="text/javascript">
        alert("新密码错误，请重新确认新密码！");
        document.location.href = "../setup_password.php";
    </script>

<?
}



?>
</body>
</html>